Home

Share this Story

A Handful of HTC Phones Have a Security Issue That Needs to be Addressed Immediately, HTC is Already Looking Into it

YouTube Preview Image

In the video above, TrevE from XDA, discovers that there is a serious security issue on a variety of HTC phones including the Thunderbolt.  As you’ll see while watching, an unrooted HTC device running Sense (HTC’s custom skin) does an extremely poor job of hiding or protecting any of the important information that should be encrypted or at least locked tightly away somewhere deep in your phone.  

There are couple of issues here that need to be pointed out.  First, is the fact that even if you opt out of HTC’s feedback program during the setup of your phone, they are still tracking every single thing you do. And seriously, we are talking everything down to the last app you opened for 2 seconds.  The second thing and probably scariest, is what you are seeing in the video – that all of the information that they are tracking along with others including IMEI/MEID, phone, networks you are on, etc. are all available to any app with the permission android.permission.INTERNET.  So essentially, every app on your phone.  Scary and insane, right?

Well here’s the good news if you can call it that.  HTC is looking into it this very minute.  They take security seriously and will hopefully issue an update that will patch this immediately.

Is the sky falling?  No.  Is this a ridiculous oversight by HTC’s part that is inexcusable?  You betcha it is. Thanks to TrevE over at XDA though for posting this on Friday and reporting it 5 days prior to that, they are well aware of it.  “Do work” HTC, and patch this damn thing, so we can look to enjoy the Vigor when it comes out this month.

In the mean time, if you are frightened by this, you can root your device and install a ROM that does not include HTC’s Sense.  Otherwise, I would suggest that you look through your app list to make sure you or anyone that has handled your device in a while hasn’t installed anything out of the ordinary.

Again, the world has not come to a screeching halt here.  HTC will fix it.  We’ll remind you again not to install shady apps from shady markets.

Via:  XDA

Cheers Mike!

  • Brent

    I have a stock Gingerbread Thunderbolt and cannot reproduce this, despite installing the proof of concept.  What’s different about my phone that makes it so he cannot connect to the logger? (BTW, there is also 0.0KB of data shown as logged by the HTC logger app).

  • none

    spoke to a manager at a VZW store complaining about all the issues I had with the Droid Incredible from rogue apps to uncommon sense. Since VZW would only replace the phone with another Droid Incredible I suggested I should root my phone. His response was “You could do that”. While not condoning rooting your device, he did admit we don’t have many options….wierd

  • http://quetiapineprice.socialgo.com/magazine/read/buy-seroquel-online-without-rx_1.html Romanoid1970

    I intended to post you this very little remark so as to say thank you yet again for all the exceptional advice you have contributed on this site. This is quite wonderfully generous of people like you to give publicly what a number of people would’ve distributed for an ebook to make some profit for their own end, especially considering that you might have done it in the event you desired. The basics likewise worked as a great way to be sure that most people have similar dream similar to my personal own to know a good deal more with regards to this matter. I believe there are thousands of more pleasurable occasions in the future for folks who see your blog post.

  • Tsak6789

    I’ve already decided that my next phone won’t be HTC. It’s bad enough that almost every time I hit the “home” button on my Evo the damn thing reboots.

  • Anonymous

    my best friend’s mom makes $78 an hour on the computer. She has been out of job for 9 months but last month her check was $7587 just working on the computer for a few hours. Read about it here HardRich.com

  • http://twitter.com/timberwolfkw Kyle Wilkins

    Granted this, if in the wrong hands can be damaging, but let’s be serious people. Like what was stated in the post. “Don’t download shady apps from shady markets.” If your rooted delete it. If you not rooted stick with the official Market or a reputable one like Amazon AppStore. This is a big flaw but can easily be avoided. If you were really considering the Vigor and aren’t because of this then you were never really considering getting the Vigor at all.

  • chris

    I knew there was a good reason why I prefer aosp over manufacturer skins.

  • Anonymous

    I sent an email out sunday, and they actually got back to me in like an hour. this is what they said:

    Dear Mike XXXXX,
    You were wondering about some concerns about the security and access to persona information on your HTC ThunderBolt.  I would be more than happy to assist you with this security inquiry.  I understand your concerns about the safety of your personal information and we are investigating it.  I will forward your information to the next level for further review.  I would recommend that you keep an eye on our public domain sites like http://www.htc.com/US along with Facebook and Twitter for any developments.  I thank you for your input concerning this issue. If you need any further assistance, you are welcome to send another inquiry through the HTC website by going through the Support page (http://www.htc.com/us/support) then tapping ‘send us an email’.  You should input all the necessary information requested on the page.
    To send a reply to this message or let me know I have successfully answered your question log in to our ContactUs site using your email address and your ticket number 11USCXXXXXXXXXXXX.
    Sincerely,
    Danielle
    HTC

    • Anonymous

      So what does it all mean? LOL

  • http://twitter.com/nashmax73 TomAss (TA)

    HTC TB users finally get Gingerbread — HOORAY!
    HTC (non)Sense upgrade exposes you to hackers — WTF!

  • Draven

    Glad I switched from my HTC Thunderbolt to a Motorola Bionic. Thanks for another reminder of the many reasons I switched.

  • Rich

    man, I knew HTC phones was junk… Not only are their skins ugly and just simply don’t offer any great use… They take for ever on updates and its apparent that when they do get the updates 6 months to a year later that the updates are also junk and cause more problems than not having the update… Now there are security flaws…  WTF HTC can you possibly get any more worse?

  • lOmdmx86

    Does anyone know which phones are affected by this security issue

    • Anonymous

      At least every major HTC phone (if not all): EVO, EVO 4g, Thunderbolt, Desire, and Vigor to name a few.

      • lOmdmx86

        So basically phones running GB 2.3.4?

        • Anonymous

          Looks like it. The EVO has had the file loaded for forever actually, but is just now getting attention. But, every phone that has received an update recently will likely have it. Use Astro to check your system/apps/HTCLogger.apk and delete it if it’s there =).

          • Omdmx86

            Ok cool thanks for the tip

  • Totem

    No HTC phones for me for a while. Why are they still logging all that data even when you opt out?

    • Kent

      I’m not liking HTC’s thinking and I shouldn’t have to root to fix things they intentionally put in.  “Let’s log everything even though the user opted out. Oh ya, let’s not secure the data either.” The Vigor just went off my potential phone list.

      • Jsommers

        yes, root or not, i’m not liking where htc is heading.

  • Anonymous

    Really? It takes a minute to delete htclogger.apk

    Soon you will be wishing you held off on caressing that Bionic!

    Consumer Reports this month still ranks the Thunderbolt as Verizons best choice!

    Seriously they are all good phones and this thing is not to get to excited about.

    • Anonymous

      How?

      • Anonymous

        You go in and delete it with root explorer.

    • Rayman411vm

      seriously, how? i have the thunderbolt and it is garbage unless you root

  • Kierra

    I love how ppl are being so dismissive of the issue. If you have to root to fix the problem thats NOT good.

    • Db

      You have a Android to not root it? If i was in that boat i’d just get a iphone :3

      • Anonymous

        Really…what reason is there not to root a Thunderbolt already? HTC has given us every reason to stop using an unrooted Sense ROM.

    • Anonymous

      The only the problem that needs to be fixed is that you’re not rooted yet…Every manufacturer’s ROM has bugs; and most are pretty darn annoying. You can either complain about it, or take it into your own hands. 

      The ones that are “dismissive” are simply the ones that have nothing to worry about…

      Happy Brithday: http://www.revoultionary.io/

  • http://www.facebook.com/nathanielnewmanmusic Nathaniel Newman

    (Removed)

  • Anonymous

    This is not as big a deal as it sounds. However I did go in and delete Htclogger.apk for good measure.

    But you could always call Verizon and demand the ability to upgrade in a few weeks. :-)

  • Keith Sumner

    This means a delay for your precious VIGOR, haters.

    (caresses his Bionic)

    • Anonymous

      Hilarious =D!

  • Anonymous

    Insult to injury for TB users.

    • Anonymous

      Not if you are running an AOSP ROM my friend =)!

      (Pssst…CM7)

  • Anonymous

    Thats why I take that garbage off my phone as soon as I get a new HTC device.. I only like HTC for their phone designs.

  • Franzie3

    I had read somewhere, if your rooted, use titanium backup and Freeze the HTC Logger application and that should do the trick

    • Anonymous

      Thanks for the tip.

    • Anonymous

      I think you can actually delete it using the root explorer =)

    • http://twitter.com/starnovsky Stan Tarnovsky

      Precisely so. You can even delete it completely. Takes a few moments if you rooted already, takes a bit more if you still need to root. No, sky is not falling, I don’t see what all this fuss is about…

      • http://twitter.com/wingdo Doug

        The fuss is about the fact most people do not root their phones.  Those who do not have this issue.

  • Anonymous

    Thank God for CM7, no issues over here =).